diff --git a/CHANGELOG.md b/CHANGELOG.md
index d14f9d17..b5130129 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,7 +17,8 @@ Features:
 Refactoring:
-- None
+- `[utils.misc]` Use SHA256 instead of MD5 in `randio()` to support Redhap/FIPS compliance. Limit to 32 characters for backward compatibility.
+ - [Issue #626](https://github.com/datafolklabs/cement/issues/626)
 Misc:
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 5bc2a36e..1e7cb198 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -18,3 +18,4 @@ documentation, or testing:
 - Adam Hodges (ajhodges)
 - Stelios Tymvios (namedLambda)
 - Spyros Vlachos (devspyrosv)
+- Joe Roberts (jjroberts)
diff --git a/cement/utils/misc.py b/cement/utils/misc.py
index 6b27e287..50a072ec 100644
--- a/cement/utils/misc.py
+++ b/cement/utils/misc.py
@@ -10,7 +10,7 @@ from random import random
 def rando(salt=None):
 """
- Generate a random MD5 hash for whatever purpose. Useful for testing
+ Generate a random hash for whatever purpose. Useful for testing
 or any other time that something random is required.
 Args:
@@ -18,7 +18,7 @@ def rando(salt=None):
 is used.
 Returns:
- str: Random MD5 hash
+ str: Random hash
 Example:
@@ -33,7 +33,9 @@ def rando(salt=None):
 if salt is None:
 salt = random()
- return hashlib.md5(str(salt).encode()).hexdigest()
+ # issue-626: Use sha256 for compatibility with Redhat/FIPS restricted
+ # policies. Return only 32 chars for backward compat with previous md5
+ return hashlib.sha256(str(salt).encode()).hexdigest()[:32]
 class MinimalLogger(object):
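Review bot: The reworded docstring in the first `cement/utils/misc.py` hunk still offers `rando()` "for whatever purpose", and now that the body uses SHA-256 a reader can take that as a security property the function does not have. When no salt is passed the input is `random()` from the `random` module (visible as context in the last hunk), which is not a cryptographic generator, so hashing it adds no unpredictability. I would add a docstring line such as `Not suitable for tokens, passwords or keys; use the secrets module for those.` The docstring starts in this hunk and continues past its end.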
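Review bot: The comment added above the new `return` in the last hunk promises backward compatibility, but only the 32-character length is kept; the string returned for a given `salt` now differs from the old MD5 value. Callers that pass a fixed salt and store or compare the result would see a silent change, so the comment should say so, e.g. `# NOTE: only the length matches the old md5 output; values for a given salt differ.` If identical values matter, `hashlib.md5(data, usedforsecurity=False)` (Python 3.9+) may be an alternative, but whether it is accepted depends on the supported Python versions and the target FIPS policy, neither of which is visible here. The body of `rando()` begins outside this hunk.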